[0:00] Oliver Gruner Corporate Account Director for Mitsubishi Electric
Welcome to ICONICS Connect 2021 to our next session safeguarding against cyber security threats. Thank you for joining us. We realize your time is valuable, so we really appreciate your giving your attention today. My name is Oliver Gruner. I'm Corporate Account Director for our Mitsubishi Electric parent company, and I'm responsible for the relationship with Mitsubishi Electric globally. Today we have an exciting presentation and a great team assembled. With me today is Tom Burke, Global Director of Industry Partnerships with ICONICS, also wearing a Mitsubishi Electric hat, so he has a dual role. And it's great to have him here too. Then Dispel Chief Operating Officer Ben Burke and just to get this out of the way, no relations to Tom. Also joining us and presenting the demonstration is Yuki Shimizu from the Mitsubishi Electric, North American Development Center.
[1:10]
Ted Hill talked a lot this morning and specifically about remote work, and that is very important. Part of our discussion today in the agenda is when you do remote work, accessing OT systems, accessing them remotely, cybersecurity becomes not just an issue, it becomes a necessity. And there are features that we have in ICONICS that I want to present to you a little bit and how we enable our customers to help make systems more secure. We also do connectivity, and we do OPC UA. We are based on open standard sparkplug, and that's where Tom Burke is going to talk more about it and BACnet Secure Connect which is changing in the industry to make communications more secure, and that's an ongoing, very hot topic. Also, remote access is very, very important, remote access to OT system. And Ben Burke from Dispel is our guest presenter today, and he has a very great presentation and insight into Department of Defense grade level security. He'll show you what is new in the industry and how you can take advantage of it. Then towards the end, we're going to present with Yuki a product demonstration with Mitsubishi Electric hardware. We will do a remote connect into an existing Mitsubishi Electric industrial PC connected to a PLC, actually then operating equipment, and we want to make that a secure connection through Dispel. It's going to be very exciting, so I'm looking forward to this. And thank you for being with us and going on this journey.
[3:02]
First, what are the security cybersecurity features that we have within the ICONICS Suite software that makes it secure and better for you to deploy secure systems. Not all of these things that are listed here are brand new. The first one is with our recent release 10.97.1 back in March. It is a secure by default installation; there was a hole that customers pointed out to us because people sometimes forget to do certain things after the installation. Now we're forcing a security username and password for the ICONICS security system during the installation process. And so that's an important piece that we addressed, and thanks for all of the feedback that we received on this. Also, once you deploy, you want to communicate securely via https, and there are two ways to do this. Do you have a client connecting to a server? If it is a web HMI client or if it is a mobile HMI client, you can select to make a secure connection through HTTPS and web sockets. So that's part of the configuration that you can select. Specifically, when you have larger systems, and you have multiple ICONICS servers in your network, and they do cross communication. They communicate in an ICONICS system communicating to each other, so you can also enforce HTTPS security on those server-to-server communications through web sockets. It's all configurable within the mechanics workbench to make that secure.
[4:49]
Also, the other thing is identity providers. If you’re logging on as a client, you have to provide your username and password, and we have done this for over 12 years or 15 years now to use Microsoft Active Directory. But most IT departments don't want you to do this direct connection to the Active Directory server, so we're using other technologies like SAML and OIDC as identity providers to securely connect to that or to make that highly secure. And through that, we also enable multi factor authentication.